I need some help debugging a DNS problem.
I am trying to set up a DNS server for a subdomain within an existing
domain I am administering. I have one DNS server that I have set up for
a small network (call it "foo.net"). It is set up to get updates from
the DHCP server, which also happens to be running on the same box. This
complicates things somewhat, since every time I make an update to the
Zone file, the server rewrites it slightly differently, according to how
IT wants to see it. (Bleedin' independent software, like a stubborn
child... ;-) This server happens to be running FC1, with current
updates (bind-9.2.2.P3-9).
I have also set up another DNS server on a brand new FC4(t3) install
(bind-9.3.1-2_FC4). This server has SOA for a domain under "foo" --
let's call it "bar.foo.net". This server forwards up to the main
server, which then forwards up to the main DNS servers for my ISP. The
secondary server actually has the FQN of "bar.foo.net", and appears to
be working fine. To check if it is responding to external requests, I
took *another* box on the network and pointed its resolv.conf file to
the secondary server, and it responds correctly to "dig" requests,
listing either itself or the main server as the Authoritative answer for
a query, depending on which domain (or sub-domain) I am referring to.
My problem is getting delegation working in the other direction.
I have inserted the appropriate NS "glue" records into the primary
server to point it to the secondary server for the sub-domain, but
whenever I try to do a "dig" of a name in the sub-domain (e.g.,
"a.bar.foo.net"), I get no answer.
The glue records from the primary DNS:
-------------------------------
@ IN SOA ns1.foo.net. someone.rochester.rr.com. (
...snip...
bar A 192.168.1.2
bar NS bar.foo.net.
NS ns1.foo.net.
-------------------------------
Note that I have also tried using different names for "bar" -- i.e.,
naming it something different from the sub-domain that it is hosting --
but this doesn't seem to make any difference. The only clue I've got is
that the time the "dig" takes is consistently longer for the subdomain
(by a factor of about 5), which hints that it is actually trying to get
to the secondary, but can't figure it out for some reason. I know that,
even though "ns1" has an "A" record for "bar", it can't seem to resolve
the name.
Any hints as to what options I might use to give me a little better idea
of what the primary server is doing, and why it is failing? The
/var/log/messages file doesn't tell me anything.
Thanks!
--
Chuck Tryon
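An added example, not part of Chuck's post: a small Python checker that parses a BIND-style zone fragment under the RFC 1035 master-file rule that a line beginning with whitespace inherits the previous record's owner, then reports which NS records really sit at the zone apex, which names are delegated, and whether every nameserver inside a delegated child zone has the glue A/AAAA record the parent must carry. The sample zone is constructed to mirror the fragment above; ns1's A record and the SOA timer values are assumed.

```python
# Constructed sample modelled on the fragment in the post; the SOA timers are
# placeholders and ns1's A record is assumed. The last NS line has a blank owner.
SAMPLE_ZONE = """\
@ IN SOA ns1.foo.net. someone.rochester.rr.com. ( 1 3600 900 604800 86400 )
ns1 A 192.168.1.1
bar A 192.168.1.2
bar NS bar.foo.net.
    NS ns1.foo.net.
"""

def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return records as (owner, type, rdata tokens). A line that starts with
    whitespace inherits the previous record's owner (RFC 1035 master file rule)."""
    last_owner, records = None, []
    for line in text.splitlines():
        line = line.split(";", 1)[0]                      # strip comments
        if not line.strip():
            continue
        tokens = line.split()
        owner = last_owner if line[0].isspace() else qualify(tokens.pop(0), origin)
        while tokens[0].upper() in ("IN", "CH") or tokens[0].isdigit():  # class / TTL
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
        last_owner = owner
    return records

def apex_ns(records, origin):
    """NS records whose owner really is the zone apex."""
    return [qualify(r[0], origin) for o, t, r in records if t == "NS" and o == origin]

def check_delegations(records, origin):
    """Per delegated name: its NS targets, and the in-child-zone targets that
    lack the glue A/AAAA record this parent zone must carry for them."""
    glued = {o for o, t, _ in records if t in ("A", "AAAA")}
    report = {}
    for owner, rtype, rdata in records:
        if rtype != "NS" or owner == origin:
            continue
        ns = qualify(rdata[0], origin)
        entry = report.setdefault(owner, {"ns": [], "missing_glue": []})
        entry["ns"].append(ns)
        if (ns == owner or ns.endswith("." + owner)) and ns not in glued:
            entry["missing_glue"].append(ns)
    return report
```

Run on the sample, `apex_ns()` comes back empty: a blank-owner `NS ns1.foo.net.` line that follows `bar NS ...` belongs to bar, not to foo.net, so it is worth confirming how that line is written in the real file. Querying the primary directly with `dig @ns1.foo.net bar.foo.net NS +norecurse` then shows which delegation it actually hands out.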